Kaspersky researchers have identified a critical remote code execution (RCE) vulnerability in the xrdp open-source remote desktop server, tracked as CVE-2025-68670. The vulnerability occurs during the Secure Settings Exchange phase, specifically within the xrdp_wm_parse_domain_information function. Because the flaw is triggered before authentication completes, it is reachable by unauthenticated attackers, who could use it to compromise the server process.
The technical root cause is a stack buffer overflow. When the xrdp server converts domain strings from UTF-16 to UTF-8, it fails to properly validate the length of the domain name before copying it into a 256-byte stack buffer. Although modern compiler mitigations such as stack canaries can hinder exploitation, the researchers demonstrated a working proof-of-concept. Maintainers have patched the issue in version 0.10.5 and backported the fix to versions 0.9.27 and 0.10.4.1.
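The defensive pattern for this class of bug is to bound every write into the fixed stack buffer by the UTF-8 length the output will actually have, not by the UTF-16 length of the input. The following is an added illustration written for this article; it is not xrdp's code, not the patch, and not the researchers' proof-of-concept. The function names (`utf16le_to_utf8_bounded`, `demo_*`) and the sample domain strings are constructed here; only the 256-byte buffer size comes from the article. The converter refuses any input whose UTF-8 form, plus the terminating NUL, would not fit, and the samples include the case where a UTF-16 code-unit count that looks safe against a 256-byte budget still expands past it after conversion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the destination stack buffer, as described in the article.
 * Everything else in this file is an illustrative construction, not xrdp code. */
#define DOMAIN_BUF_SIZE 256

/* Convert `units` UTF-16LE code units from `in` into NUL-terminated UTF-8 in
 * `out` (capacity `outsz`). Returns bytes written (excluding the NUL), or -1 if
 * the input is malformed or the result would not fit. Capacity is checked
 * before every write, so `out` cannot be overrun whatever the wire says. */
static int utf16le_to_utf8_bounded(const uint8_t *in, size_t units,
                                   char *out, size_t outsz)
{
    size_t pos = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < units; i++) {
        uint32_t cp = (uint32_t)in[2 * i] | ((uint32_t)in[2 * i + 1] << 8);

        if (cp >= 0xD800 && cp <= 0xDBFF) {                 /* high surrogate */
            if (i + 1 >= units)
                return -1;                                   /* truncated pair */
            uint32_t lo = (uint32_t)in[2 * (i + 1)] |
                          ((uint32_t)in[2 * (i + 1) + 1] << 8);
            if (lo < 0xDC00 || lo > 0xDFFF)
                return -1;                                   /* unpaired high */
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
            i++;                                             /* consumed low */
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
            return -1;                                       /* stray low */
        }

        /* One UTF-16 unit can become up to 3 UTF-8 bytes (4 per surrogate pair),
         * so the unit count alone says nothing about whether the output fits. */
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (need + 1 > outsz - pos)                          /* + NUL */
            return -1;

        switch (need) {
        case 1: out[pos++] = (char)cp; break;
        case 2: out[pos++] = (char)(0xC0 | (cp >> 6));
                out[pos++] = (char)(0x80 | (cp & 0x3F)); break;
        case 3: out[pos++] = (char)(0xE0 | (cp >> 12));
                out[pos++] = (char)(0x80 | ((cp >> 6) & 0x3F));
                out[pos++] = (char)(0x80 | (cp & 0x3F)); break;
        default: out[pos++] = (char)(0xF0 | (cp >> 18));
                out[pos++] = (char)(0x80 | ((cp >> 12) & 0x3F));
                out[pos++] = (char)(0x80 | ((cp >> 6) & 0x3F));
                out[pos++] = (char)(0x80 | (cp & 0x3F)); break;
        }
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Constructed sample: an ordinary ASCII domain must round-trip unchanged. */
static int demo_ascii_ok(void)
{
    const uint8_t wire[] = { 'c',0,'o',0,'r',0,'p',0,'.',0,'e',0,'x',0,'a',0,'m',0,'p',0,'l',0,'e',0 };
    char domain[DOMAIN_BUF_SIZE];
    int n = utf16le_to_utf8_bounded(wire, sizeof wire / 2, domain, sizeof domain);
    return (n == 12 && strcmp(domain, "corp.example") == 0) ? 1 : 0;
}

/* Constructed sample: n ASCII 'a' units (n <= 300). 255 fits with its NUL;
 * 256 or more must be rejected instead of spilling past the buffer. */
static int demo_ascii_run(size_t n)
{
    uint8_t wire[600];
    char domain[DOMAIN_BUF_SIZE];
    if (n > 300) return -1;
    for (size_t i = 0; i < n; i++) { wire[2 * i] = 'a'; wire[2 * i + 1] = 0; }
    return utf16le_to_utf8_bounded(wire, n, domain, sizeof domain);
}

/* Constructed sample: 100 copies of U+20AC. Only 100 UTF-16 units, but 300
 * bytes of UTF-8, so a check on the unit count alone would let it through. */
static int demo_expansion_rejected(void)
{
    uint8_t wire[200];
    char domain[DOMAIN_BUF_SIZE];
    for (size_t i = 0; i < 100; i++) { wire[2 * i] = 0xAC; wire[2 * i + 1] = 0x20; }
    return utf16le_to_utf8_bounded(wire, 100, domain, sizeof domain);
}

/* Constructed sample: U+1F600 as the surrogate pair D83D DE00 -> F0 9F 98 80. */
static int demo_surrogate_pair(void)
{
    const uint8_t wire[] = { 0x3D, 0xD8, 0x00, 0xDE };
    char domain[DOMAIN_BUF_SIZE];
    int n = utf16le_to_utf8_bounded(wire, 2, domain, sizeof domain);
    return (n == 4 && memcmp(domain, "\xF0\x9F\x98\x80", 5) == 0) ? 1 : 0;
}

/* Constructed sample: a high surrogate with no low half is malformed input. */
static int demo_stray_surrogate(void)
{
    const uint8_t wire[] = { 0x3D, 0xD8, 'a', 0 };
    char domain[DOMAIN_BUF_SIZE];
    return utf16le_to_utf8_bounded(wire, 2, domain, sizeof domain);
}

int main(void)
{
    printf("ascii ok: %d, 255 units: %d, 256 units: %d\n",
           demo_ascii_ok(), demo_ascii_run(255), demo_ascii_run(256));
    printf("100 x U+20AC: %d, surrogate pair ok: %d, stray surrogate: %d\n",
           demo_expansion_rejected(), demo_surrogate_pair(), demo_stray_surrogate());
    return 0;
}
```

The point the samples make is that the wire-supplied length is untrusted twice over: its value may exceed the buffer outright, and even a value below the buffer size can describe text that grows during conversion. Checking capacity at the point of each write, as above, covers both without needing to know in advance which one the peer will send.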